Error: Failed to Check Create Dataset Permission

Issue

BigQuery destination setup tests fail with the following error:

BigQuery User Permissions: Failed to check Create dataset permission: IAM setPolicy failed for Dataset <dataset>: Operation denied by org policy on resource <resource_id>: ["customConstraints/<custom_constraint_name>"]

Environment

Destination: BigQuery

Resolution

To resolve this issue, update your organization policy so that Fivetran service accounts can be granted the roles/bigquery.dataOwner role on temporary test datasets.

Alternatively, you can avoid domain-based restrictions by configuring the destination to use your own service account. To update an existing BigQuery destination connection:

1. In Fivetran, go to your BigQuery destination connection overview page.
2. In the top right, click the more options menu, then select Edit connection.
3. Set the Use own Service Account toggle to ON.
4. Click Save & Test.

For more information about organization policy restrictions, see the Google Cloud documentation on restricting identities with domain-restricted sharing.

Cause

This issue occurs when an organization policy prevents Fivetran from assigning the roles/bigquery.dataOwner role to temporary test datasets during setup. We must assign this role to validate dataset creation permissions.